Make the rbm build system work with runc 1.0.0

The new build system has been tested with runc 0.1.1 (which is the version included in Debian stretch, and jessie-backports). However version 1.0.0 (Debian sid currently has version 1.0.0~rc2) includes some incompatible changes, so we will need to adapt how we use runc to make that work.

In version 1.0.0, the runc start command has been replaced by runc run: https://github.com/opencontainers/runc/commit/c669b8d1568633c68bd915561ceb2e5ecc1bfc6a

We will need to detect which version of runc is installed to use the correct command.

added TorBrowserTeam201709R component::applications/tor browser owner::boklm parent::17379 priority::low resolution::fixed severity::normal status::closed tbb-rbm type::task labels

Trac:
Keywords: N/A deleted, tbb-rbm added

Branch bug_23039 has a patch fixing this: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_23039&id=6e1b94b490a872ac287aad8102e5ec5270f48275

Trac:
Status: new to needs_review
Keywords: N/A deleted, TorBrowserTeam201709R added

Pointing to https://github.com/opencontainers/runtime-spec/commit/eb114f057094dd2314682d55f8cb9c189915ac86 shows the reformatting of the capabilities. But why do we suddenly need so many more compared to runc < 1.0.0. The commit you pointed to does not make this kind of change.

The needs_revision is for missing changes to README as runc 0.1.1 is not required anymore with this patch.

Trac:
Keywords: TorBrowserTeam201709R deleted, TorBrowserTeam201709 added
Status: needs_review to needs_revision

Replying to gk:

Pointing to https://github.com/opencontainers/runtime-spec/commit/eb114f057094dd2314682d55f8cb9c189915ac86 shows the reformatting of the capabilities. But why do we suddenly need so many more compared to runc < 1.0.0. The commit you pointed to does not make this kind of change.

Actually we use the same list of capabilities as before, but we now need to list separately the bounding, effective, inheritable, permitted and ambient capabilities, instead of having just one list before. I updated the commit message to say that.

The needs_revision is for missing changes to README as runc 0.1.1 is not required anymore with this patch.

I removed the part about the runc version from the README in branch bug_23039_v2: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_23039_v2&id=209818fc10ba14e8ebfb126cc364c26300795af9

Trac:
Keywords: TorBrowserTeam201709 deleted, TorBrowserTeam201709R added
Status: needs_revision to needs_review

Replying to boklm:

Replying to gk:

Pointing to https://github.com/opencontainers/runtime-spec/commit/eb114f057094dd2314682d55f8cb9c189915ac86 shows the reformatting of the capabilities. But why do we suddenly need so many more compared to runc < 1.0.0. The commit you pointed to does not make this kind of change.

Actually we use the same list of capabilities as before, but we now need to list separately the bounding, effective, inheritable, permitted and ambient capabilities, instead of having just one list before. I updated the commit message to say that.

Indeed, sorry. My bad, but thanks for making this more explicit.

The needs_revision is for missing changes to README as runc 0.1.1 is not required anymore with this patch.

I removed the part about the runc version from the README in branch bug_23039_v2: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_23039_v2&id=209818fc10ba14e8ebfb126cc364c26300795af9

Applied to master (commit 209818fc10ba14e8ebfb126cc364c26300795af9).

Trac:
Resolution: N/A to fixed
Status: needs_review to closed

The patch wrongly assumes version 0.1.1 does not exit with an error when given an unknown command, which is the case on my build machine running jessie, but not on the tpo build machine running stretch. So something else needs to be used to detect the runc version used.

Trac:
Status: closed to reopened
Resolution: fixed to N/A

Trac:
Keywords: TorBrowserTeam201709R deleted, TorBrowserTeam201709 added

The branch bug_23039_fixup has a patch to fix that: https://gitweb.torproject.org/user/boklm/tor-browser-build.git/commit/?h=bug_23039_fixup&id=1f054c59ddc349cf5719447bc51eaccde554312a

Trac:
Status: reopened to needs_review
Keywords: TorBrowserTeam201709 deleted, TorBrowserTeam201709R added

Looks good and solved my issue. Applied to master (commit 1f054c59ddc349cf5719447bc51eaccde554312a).

Trac:
Status: needs_review to closed
Resolution: N/A to fixed

closed

mentioned in issue #23513 (moved)

moved to tpo/applications/tor-browser#23039 (closed)

mentioned in issue tpo/applications/tor-browser#23513 (closed)